author | Jamie Nguyen <j@jamielinux.com> | 2018-07-16 11:25:08 +0100 |
---|---|---|
committer | Jamie Nguyen <j@jamielinux.com> | 2018-07-16 11:25:08 +0100 |
commit | a347a4ae65ec8e54fc15d012ad557de1035f4a12 (patch) | |
tree | 715b8459aba01b51160beedc18d0a580fa68a0e6 | |
parent | 213fa1f8a37fb59163ab1bde931b2294d045363e (diff) | |
Allow bind mounting in /cert.pem and /privkey.pem
-rwxr-xr-x | 2.4/docker-entrypoint.sh | 42 | ||||
-rw-r--r-- | README.md | 9 |
2 files changed, 30 insertions, 21 deletions
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
 fi
 fi
-case "${SSL_CERT:-none}" in
- "selfsigned")
- # Generate self-signed SSL certificate.
- # If SERVER_NAMES is given, use the first domain as the Common Name.
- if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
- apk add --no-cache openssl
- openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
- -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
- apk del --no-cache openssl
- fi
- # Enable SSL Apache modules.
- for i in http2 ssl; do
- sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
- done
- # Enable SSL vhost.
- if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
- ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
- fi
- ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi
 exec "$@"
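Review bot: The new `[ -e /privkey.pem ] && [ -e /cert.pem ]` guard turns TLS on purely from path existence, so a mistyped bind mount fails quietly in two ways. If only one of the two paths is present the block is skipped and the container serves plain HTTP only, with nothing telling the operator that the certificate they mounted was ignored; and because `-e` is also true for a directory, which `docker run -v` creates at the mount point when the host path does not exist, the SSL vhost can be enabled against something that is not a PEM file. I would test with `-f` (`if [ -f /privkey.pem ] && [ -f /cert.pem ]; then`) and add an `elif [ -e /privkey.pem ] || [ -e /cert.pem ]; then` branch that prints a warning to stderr and exits non-zero, so the failure is visible instead of a silent downgrade to unencrypted HTTP. Separately, unless lines outside this hunk clear `sites-enabled`, `ln -s` will fail with "File exists" when the same container is restarted; `ln -sf` makes the step idempotent, and the trailing `; \` on that line is a leftover that can be dropped.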
@@ -6,6 +6,9 @@ This image runs an easily configurable WebDAV server with Apache. +You can configure the authentication type, the authentication of multiple +users, or to run with a self-signed SSL certificate. + * **Code repository:** https://github.com/BytemarkHosting/docker-webdav * **Where to file issues:** @@ -19,7 +22,8 @@ This image runs an easily configurable WebDAV server with Apache. ### Basic WebDAV server -This example starts a WebDAV server. +This example starts a WebDAV server on port 80. It can only be accessed by +a single username and password. When using unencrypted HTTP, use `Digest` authentication (instead of `Basic`) to avoid sending plaintext passwords in the clear. @@ -67,6 +71,9 @@ docker run --restart always -v /srv/dav:/var/lib/dav \ ``` +If you bind mount a certificate chain to `/cert.pem` and a private key to +`/privkey.pem`, the container will use that instead! + ### Authenticate multiple clients Specifying `USERNAME` and `PASSWORD` only supports a single user. If you want |